Communications Between the JUNOS Enforcer and the Infranet Controller
When you configure an SRX-series device to connect to an Infranet
Controller through the JUNOS CLI, the SRX-series device and the Infranet
Controller establish secure communications as follows:
1. The Infranet Controller presents its server certificate to the SRX-series device. If configured to do so, the SRX-series device verifies the certificate. (Server certificate verification is not required; however, as an extra security measure you can verify the certificate to implement an additional layer of trust.)
2. The SRX-series device and the Infranet Controller perform mutual authentication using proprietary challenge-response authentication. For security reasons, the password is not included in the message sent to the Infranet Controller.
3. After successfully authenticating the SRX-series device, the Infranet Controller sends it user authentication and resource access policy information. The SRX-series device uses this information to act as the JUNOS Enforcer in the UAC network.
4. Thereafter, the Infranet Controller and the JUNOS Enforcer can communicate freely with one another over the SSL connection. The communications are controlled by a proprietary protocol called JUNOS UAC Enforcer Protocol (JUEP).
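
The principle behind the mutual-authentication step, as an added illustration that is not Juniper's code: the actual challenge-response protocol is proprietary and not described on this page, so this sketch assumes a generic HMAC-SHA-256 exchange with hypothetical names (`proof`, `mutual_authenticate`) and a constructed sample password. It shows how both sides can prove knowledge of the shared password while only nonces and MACs cross the wire.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 16  # fixed-length nonces keep the MAC input unambiguous


def proof(password: bytes, role: bytes, own_nonce: bytes, peer_nonce: bytes) -> bytes:
    """Prove knowledge of the password by keying an HMAC over both nonces."""
    return hmac.new(password, role + own_nonce + peer_nonce, hashlib.sha256).digest()


def mutual_authenticate(enforcer_pw: bytes, controller_pw: bytes):
    """Run both sides in-process; return (authenticated, messages seen on the wire)."""
    wire = []

    # 1. Enforcer -> Controller: fresh random challenge
    e_nonce = secrets.token_bytes(NONCE_LEN)
    wire.append(e_nonce)

    # 2. Controller -> Enforcer: its own challenge plus its proof
    c_nonce = secrets.token_bytes(NONCE_LEN)
    c_proof = proof(controller_pw, b"controller", c_nonce, e_nonce)
    wire += [c_nonce, c_proof]

    # 3. Enforcer verifies the controller first (constant-time comparison)
    expected_c = proof(enforcer_pw, b"controller", c_nonce, e_nonce)
    if not hmac.compare_digest(c_proof, expected_c):
        return False, wire  # stop: the enforcer sends no proof of its own

    # 4. Enforcer -> Controller: proof bound to the controller's challenge
    e_proof = proof(enforcer_pw, b"enforcer", e_nonce, c_nonce)
    wire.append(e_proof)

    # 5. Controller verifies the enforcer
    expected_e = proof(controller_pw, b"enforcer", e_nonce, c_nonce)
    return hmac.compare_digest(e_proof, expected_e), wire


if __name__ == "__main__":
    shared = b"constructed-sample-password"  # constructed sample value
    ok, wire = mutual_authenticate(shared, shared)
    print("matching passwords:", ok, "| password on wire:", any(shared in m for m in wire))
    print("mismatched passwords:", mutual_authenticate(shared, b"wrong")[0])
```

The role labels and the ordering of the nonces make each side's proof distinct, so one side's proof cannot be reflected back as the other's. A captured proof still permits offline guessing of a weak password, so an exchange like this belongs inside an encrypted channel and relies on a strong password.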